Skip to main content

How do I resolve the authentication issue with custom SMTP?

K
Written by Karthek S
Updated today

Table of contents:

1) Issue description

2) Follow these steps to fix the issue

3) References

Issue: The client encountered the following error while testing the custom SMTP settings in the RH portal.

Issue description:

535 5.7.139 Authentication unsuccessful, basic authentication is disabled.

[SG3P274CA0002.SGPP274.PROD.OUTLOOK.COM 2026-03-31T09:09:34.230Z]

This is a Microsoft 365 error. Microsoft has permanently disabled Basic Authentication (username + password) for most protocols in Exchange Online, with SMTP AUTH blocked by default, to enhance security against password spray attacks. The fix requires enabling SMTP AUTH specifically for the sending mailbox via the Microsoft 365 Admin Center.

Follow these steps to fix the issue

Solution 1:

Enable SMTP AUTH for the mailbox in Microsoft 365

  1. Go to https://admin.microsoft.com and log in as an Admin

  2. Navigate to UsersActive Users

  3. Search for and open the mailbox. For example: [email protected]

  4. Click the Mail tab → Manage email apps

  5. Check the box for Authenticated SMTPSave

  6. Wait 5–10 minutes, then click Test Settings on the portal

Note: Once the above step is completed, follow the next step to verify SMTP AUTH at the tenant level

Verify whether SMTP AUTH is enabled at the tenant level

Sometimes SMTP AUTH is disabled at the organization level, which overrides per-user settings. To check:

  1. Open Exchange Admin Centerhttps://admin.exchange.microsoft.com

  2. Go to SettingsMail flow

  3. Look for Turn off Authenticated SMTP - ensure this is unchecked (i.e., SMTP AUTH is allowed)

Alternatively, verify via PowerShell:

# Connect to Exchange Online
Connect-ExchangeOnline -UserPrincipalName [email protected]

# Check the mailbox SMTP AUTH setting
Get-CASMailbox -Identity [email protected] | Select SmtpClientAuthenticationDisabled

  • If the result is True → SMTP AUTH is blocked.

  • Then, run:

Set-CASMailbox -Identity [email protected] -SmtpClientAuthenticationDisabled $false

  • If the result is False → SMTP AUTH is already enabled at the mailbox level

Then check Tenant-Level SMTP AUTH via PowerShell

# Check organization-wide setting
Get-TransportConfig | Select SmtpClientAuthenticationDisabled

  • If True → Re-enable at org level:

Set-TransportConfig -SmtpClientAuthenticationDisabled $false

Solution 2:

Check if MFA (Multi-Factor Authentication) is enabled on the mailbox.

If it is, the regular password won't work, and you'll need an App Password instead.

  1. Log in to My Sign-Ins as the mailbox user

  2. Click + Add MethodApp Password

  3. Name it (e.g., Portal SMTP) and copy the generated password

  4. Paste that password into the portal's SMTP Password field and test again

Additional steps to check:

Disable Security Defaults in Entra ID

Microsoft's Security Defaults can block Basic Authentication entirely, overriding all other settings.

  1. Go to Microsoft Azure and then Entra ID

  2. Navigate to → Properties

  3. Click Manage Security Defaults at the bottom

  4. If enabled, turn it OFF and save

Check Conditional Access Policies

If the tenant uses Conditional Access, there may be a policy blocking Basic Auth.

  1. In Microsoft Azure go to Entra IDSecurityProtectConditional AccessPolicies

  2. Look for any policy that blocks Exchange Online or SMTP

  3. Either exclude the mailbox from that policy or adjust it to allow SMTP AUTH

References:

https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission

https://learn.microsoft.com/en-us/entra/fundamentals/security-defaults

https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/disable-basic-authentication-in-exchange-online

Did this answer your question?